English

Secure Consensus Generation with Distributed DoH

Cryptography and Security 2020-10-20 v1 Networking and Internet Architecture
Authors: Philipp Jeitner , Haya Shulman , Michael Waidner
View on arXiv PDF DOI

Abstract

Many applications and protocols depend on the ability to generate a pool of servers to conduct majority-based consensus mechanisms and often this is done by doing plain DNS queries. A recent off-path attack [1] against NTP and security enhanced NTP with Chronos [2] showed that relying on DNS for generating the pool of NTP servers introduces a weak link. In this work, we propose a secure, backward-compatible address pool generation method using distributed DNS-over-HTTPS (DoH) resolvers which is aimed to prevent such attacks against server pool generation.

Keywords

ddos attack detection

Cite

@article{arxiv.2010.09331,
  title  = {Secure Consensus Generation with Distributed DoH},
  author = {Philipp Jeitner and Haya Shulman and Michael Waidner},
  journal= {arXiv preprint arXiv:2010.09331},
  year   = {2020}
}

Related papers

View all related →
Networking and Internet Architecture · Computer Science
Encryption without Centralization: Distributing DNS Queries Across Recursive Resolvers
Austin Hounsel, Paul Schmitt, Kevin Borgolte, Nick Feamster
2021-09-23
Networking and Internet Architecture · Computer Science
An Empirical Study of the Cost of DNS-over-HTTPS
Timm Boettger, Felix Cuadrado, Gianni Antichi, Eder Leao Fernandes +3
2019-09-16
Cryptography and Security · Computer Science
Pitfalls of Provably Secure Systems in Internet The Case of Chronos-NTP
Philipp Jeitner, Haya Shulman, Michael Waidner
2020-10-19
Cryptography and Security · Computer Science
Defending Root DNS Servers Against DDoS Using Layered Defenses
A S M Rizvi, Jelena Mirkovic, John Heidemann, Wesley Hardaker +1
2022-09-16
Distributed, Parallel, and Cluster Computing · Computer Science
HL-DPoS: An Enhanced Anti-Long-Range Attack DPoS Algorithm
Yang Li, Chunhe Xia, Chunyan Li, Yuan Zhao +2
2025-07-10
Cryptography and Security · Computer Science
Oblivious DNS over HTTPS (ODoH): A Practical Privacy Enhancement to DNS
Sudheesh Singanamalla, Suphanat Chunhapanya, Marek Vavruša, Tanya Verma +5
2020-11-23
Networking and Internet Architecture · Computer Science
Collusion Resistant DNS With Private Information Retrieval
Yunming Xiao, Peizhi Liu, Ruijie Yu, Chenkai Weng +2
2025-07-29
Cryptography and Security · Computer Science
Five Minutes of DDoS Brings down Tor: DDoS Attacks on the Tor Directory Protocol and Mitigations
Zhongtang Luo, Jianting Zhang, Akshat Neerati, Aniket Kate
2026-03-25
Cryptography and Security · Computer Science
PoS-CoPOR: Proof-of-Stake Consensus Protocol with Native Onion Routing Providing Scalability and DoS-Resistance
Ivan Homoliak, Martin Perešíni, Marek Tamaškovič, Timotej Ponek +2
2025-10-07
Cryptography and Security · Computer Science
Privacy Preserving Passive DNS
Pavlos Papadopoulos, Nikolaos Pitropakis, William J. Buchanan, Owen Lo +1
2020-08-17
Cryptography and Security · Computer Science
Measuring the Availability and Response Times of Public Encrypted DNS Resolvers
Ranya Sharma, Nick Feamster
2025-10-31
Networking and Internet Architecture · Computer Science
Comparing the Effects of DNS, DoT, and DoH on Web Performance
Austin Hounsel, Kevin Borgolte, Paul Schmitt, Jordan Holland +1
2020-02-25
Networking and Internet Architecture · Computer Science
Measurement and characterization of DNS over HTTPS traffic
Kamil Jerabek, Ondrej Rysavy, Ivana Burgetova
2022-04-11
Networking and Internet Architecture · Computer Science
Denial of Service Attack in Cooperative Networks
Tauseef Jamal, Zeeshan Haider, Shariq Aziz Butt, Assim Chohan
2018-10-29
Networking and Internet Architecture · Computer Science
K-resolver: Towards Decentralizing Encrypted DNS Resolution
Nguyen Phong Hoang, Ivan Lin, Seyedhamed Ghavamnia, Michalis Polychronakis
2020-02-19
Distributed, Parallel, and Cluster Computing · Computer Science
Socially-Aware Distributed Hash Tables for Decentralized Online Social Networks
Muhammad Anis Uddin Nasir, Sarunas Girdzijauskas, Nicolas Kourtellis
2015-09-24
Networking and Internet Architecture · Computer Science
Structured Gossip: A Partition-Resilient DNS for Internet-Scale Dynamic Networks
Priyanka Sinha, Dilys Thomas
2026-03-10
Cryptography and Security · Computer Science
NinjaDoH: A Censorship-Resistant Moving Target DoH Server Using Hyperscalers and IPNS
Scott Seidenberger, Marc Beret, Raveen Wijewickrama, Murtuza Jadliwala +1
2024-11-06
Cryptography and Security · Computer Science
Survey and Analysis of DNS Filtering Components
Jonathan Magnusson
2024-01-09
Networking and Internet Architecture · Computer Science
DNS Privacy with Speed? Evaluating DNS over QUIC and its Impact on Web Performance
Mike Kosek, Luca Schumann, Robin Marx, Trinh Viet Doan +1
2023-05-04
Cryptography and Security · Computer Science
A Robust Mechanism for Defending Distributed Denial OF Service Attacks on Web Servers
Jaydip Sen
2011-03-18
Networking and Internet Architecture · Computer Science
Adaptive Distributed Filtering of DDoS Traffic on the Internet
Jun Li, Devkishen Sisodia, Yebo Feng, Lumin Shi +3
2023-12-27
Cryptography and Security · Computer Science
Encrypted DNS --> Privacy? A Traffic Analysis Perspective
Sandra Siby, Marc Juarez, Claudia Diaz, Narseo Vallina-Rodriguez +1
2019-10-08
Cryptography and Security · Computer Science
PDoT: Private DNS-over-TLS with TEE Support
Yoshimichi Nakatsuka, Andrew Paverd, Gene Tsudik
2019-09-26
Cryptography and Security · Computer Science
An Efficient Detection Mechanism for Distributed Denial of Service (DDoS) Attack
Saravanan Kumarasamy, Dr. R. Asokan
2013-02-22
R2 v1 2026-06-23T19:26:42.622Z